underpost 2.8.817 → 2.8.821

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.817
+## underpost ci/cd cli v2.8.821
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -29,7 +29,7 @@ Commands:
   test [options] [deploy-list]                               Manages and runs tests, defaulting to the current Underpost default test suite.
   monitor [options] <deploy-id> [env]                        Manages health server monitoring for specified deployments.
   lxd [options]                                              Manages LXD containers and virtual machines.
-  baremetal [options]                                        Manages baremetal server operations, including installation, database setup, and user management.
+  baremetal [options] [workflow-id] [hostname] [ip-address]  Manages baremetal server operations, including installation, database setup, commissioning, and user management.
   help [command]                                             display help for command
  
 ```
@@ -592,29 +592,37 @@ Options:
 
 ### `baremetal` :
 ```
- Usage: underpost baremetal [options]
+ Usage: underpost baremetal [options] [workflow-id] [hostname] [ip-address]
 
 Manages baremetal server operations, including installation, database setup,
-and user management.
+commissioning, and user management.
 
 Options:
   --control-server-install       Installs the baremetal control server.
-  --control-server-db-init       Sets up the database for the baremetal control
-                                 server.
+  --control-server-uninstall     Uninstalls the baremetal control server.
+  --control-server-db-install    Installs up the database for the baremetal
+                                 control server.
   --control-server-db-uninstall  Uninstalls the database for the baremetal
                                  control server.
-  --control-server-init          Initializes the baremetal control server.
-  --control-server-login         Logs in as an administrator to the control
-                                 server.
-  --control-server-uninstall     Uninstalls the baremetal control server.
-  --control-server-stop          Stops the baremetal control server.
-  --control-server-start         Starts the baremetal control server.
-  --get-users                    Retrieves a list of users from the control
-                                 server.
-  --new-api-key                  Generates a new API key for the control
-                                 server.
+  --commission                   Init workflow for commissioning a physical
+                                 machine.
+  --nfs-build                    Builds an NFS root filesystem for a workflow
+                                 id config architecture using QEMU emulation.
+  --nfs-mount                    Mounts the NFS root filesystem for a workflow
+                                 id config architecture.
+  --nfs-unmount                  Unmounts the NFS root filesystem for a
+                                 workflow id config architecture.
+  --nfs-sh                       Copies QEMU emulation root entrypoint shell
+                                 command to the clipboard.
+  --cloud-init-update            Updates cloud init for a workflow id config
+                                 architecture.
+  --cloud-init-reset             Resets cloud init for a workflow id config
+                                 architecture.
+  --logs <log-id>                Displays logs for log id: dhcp, cloud,
+                                 machine, cloud-config.
   --dev                          Sets the development context environment for
                                  baremetal operations.
+  --ls                           Lists available boot resources and machines.
   -h, --help                     display help for command
  
 ```

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.817'
+      engine.version: '2.8.821'
     networks:
       - load-balancer
 

package/manifests/deployment/dd-template-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-template-development-blue
-          image: localhost/rockylinux9-underpost:v2.8.817
+          image: localhost/rockylinux9-underpost:v2.8.821
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -100,7 +100,7 @@ spec:
     spec:
       containers:
         - name: dd-template-development-green
-          image: localhost/rockylinux9-underpost:v2.8.817
+          image: localhost/rockylinux9-underpost:v2.8.821
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/maas/device-scan.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+for iface_path in /sys/class/net/*; do
+  name=$(basename "$iface_path")
+  mac=$(< "$iface_path/address")
+  ip=$(ip -4 addr show dev "$name" \
+       | grep -oP '(?<=inet\s)\d+(\.\d+){3}' || echo "—")
+  operstate=$(< "$iface_path/operstate")
+  mtu=$(< "$iface_path/mtu")
+
+  # Driver: módulo kernel que maneja esta interfaz
+  if [ -L "$iface_path/device/driver" ]; then
+    driver=$(basename "$(readlink -f "$iface_path/device/driver")")
+  else
+    driver="—"
+  fi
+
+  # Vendor:Device ID PCI
+  pci_dev="$iface_path/device"
+  if [ -f "$pci_dev/vendor" ] && [ -f "$pci_dev/device" ]; then
+    vendor_id=$(< "$pci_dev/vendor")
+    device_id=$(< "$pci_dev/device")
+    # pasamos de 0x8086 a 8086, etc.
+    vendor_id=${vendor_id#0x}
+    device_id=${device_id#0x}
+    pci="${vendor_id}:${device_id}"
+  else
+    pci="—"
+  fi
+
+  # Link Speed: lectura directa de /sys/class/net/<iface>/speed
+  speed=$(cat "$iface_path/speed" 2>/dev/null || echo "—")
+
+  echo "Interface: $name"
+  echo "  MAC:          $mac"
+  echo "  IPv4:         $ip"
+  echo "  State:       $operstate"
+  echo "  MTU:          $mtu"
+  echo "  Driver:       $driver"
+  echo "  PCI Vendor:Device ID: $pci"
+  echo "  Link Speed:   ${speed}Mb/s"
+  echo
+done

package/manifests/maas/maas-setup.sh

@@ -1,39 +1,23 @@
 #!/bin/bash
 set -euo pipefail
 
+# Install jq for JSON parsing
 sudo snap install jq
-# sudo snap install --channel=3.0/stable maas
+
+# Install MAAS
 sudo snap install maas
 
 # Get default interface and IP address
 INTERFACE=$(ip route | grep default | awk '{print $5}')
 IP_ADDRESS=$(ip -4 addr show dev "$INTERFACE" | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
 
-# Disable firewalld
-sudo systemctl disable --now iptables
-sudo systemctl disable --now ufw
-sudo systemctl disable --now firewalld
-
-# Enable IP forwarding and configure NAT
-echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
-echo "net.ipv6.conf.all.forwarding = 1" | sudo tee -a /etc/sysctl.conf
-sudo sysctl -p
-
-# Accept all traffic
-sudo iptables -P INPUT ACCEPT
-sudo iptables -P FORWARD ACCEPT
-sudo iptables -P OUTPUT ACCEPT
-
-# List iptables rules
-sudo iptables -L -n
-sysctl net.ipv4.ip_forward
-
+# Change to the engine directory (assuming this is where your MAAS related configs are)
 cd /home/dd/engine
 
-# Load secrets
+# Load secrets for MAAS database and admin credentials
 underpost secret underpost --create-from-file /home/dd/engine/engine-private/conf/dd-cron/.env.production
 
-# Extract config values
+# Extract configuration values from secrets
 DB_PG_MAAS_USER=$(node bin config get --plain DB_PG_MAAS_USER)
 DB_PG_MAAS_PASS=$(node bin config get --plain DB_PG_MAAS_PASS)
 DB_PG_MAAS_HOST=$(node bin config get --plain DB_PG_MAAS_HOST)
@@ -43,23 +27,94 @@ MAAS_ADMIN_USERNAME=$(node bin config get --plain MAAS_ADMIN_USERNAME)
 MAAS_ADMIN_EMAIL=$(node bin config get --plain MAAS_ADMIN_EMAIL)
 MAAS_ADMIN_PASS=$(node bin config get --plain MAAS_ADMIN_PASS)
 
-# Initialize MAAS
+# Initialize MAAS region+rack controller
 maas init region+rack \
     --database-uri "postgres://${DB_PG_MAAS_USER}:${DB_PG_MAAS_PASS}@${DB_PG_MAAS_HOST}/${DB_PG_MAAS_NAME}" \
     --maas-url http://${IP_ADDRESS}:5240/MAAS
 
-# Let MAAS initialize
+# Allow MAAS to initialize (wait for services to come up)
+echo "Waiting for MAAS to initialize..."
 sleep 30
 
-# Create admin and get API key
+# Create MAAS administrator account
 maas createadmin \
     --username "$MAAS_ADMIN_USERNAME" \
     --password "$MAAS_ADMIN_PASS" \
     --email "$MAAS_ADMIN_EMAIL"
 
+# Get the API key for the admin user
 APIKEY=$(maas apikey --username "$MAAS_ADMIN_USERNAME")
 
-# Login to MAAS
+# Login to MAAS using the admin profile
+echo "Logging into MAAS..."
 maas login "$MAAS_ADMIN_USERNAME" "http://localhost:5240/MAAS/" "$APIKEY"
 
+# Set upstream DNS for MAAS
+echo "Setting upstream DNS to 8.8.8.8..."
 maas "$MAAS_ADMIN_USERNAME" maas set-config name=upstream_dns value=8.8.8.8
+
+# echo "Downloading Ubuntu Noble amd64/ga-24.04 image..."
+# maas $MAAS_ADMIN_USERNAME boot-source-selections create 1 \
+#     os="ubuntu" release="noble" arches="amd64" \
+#     subarches="ga-24.04" labels="*"
+
+echo "Downloading Ubuntu Noble arm64/ga-24.04 image..."
+maas $MAAS_ADMIN_USERNAME boot-source-selections create 1 \
+    os="ubuntu" release="noble" arches="arm64" \
+    subarches="ga-24.04" labels="*"
+
+# Import the newly selected boot images
+echo "Importing boot images (this may take some time)..."
+maas "$MAAS_ADMIN_USERNAME" boot-resources import
+
+# Disable the MAAS HTTP proxy
+echo "Disabling MAAS HTTP proxy..."
+maas "$MAAS_ADMIN_USERNAME" maas set-config name=enable_http_proxy value=false
+
+# Disable DNSSEC validation
+echo "Disabling DNSSEC validation..."
+maas "$MAAS_ADMIN_USERNAME" maas set-config name=dnssec_validation value=no
+
+# Set network discovery interval to 10 minutes (600 seconds)
+echo "Setting network discovery interval to 10 minutes..."
+maas "$MAAS_ADMIN_USERNAME" maas set-config name=active_discovery_interval value=600
+
+SSH_KEY=$(cat ~/.ssh/id_rsa.pub)
+maas $MAAS_ADMIN_USERNAME sshkeys create "key=$SSH_KEY"
+
+echo "MAAS setup script completed with new configurations."
+
+
+# maas $MAAS_ADMIN_USERNAME maas set-config name=default_storage_layout value=lvm
+# maas $MAAS_ADMIN_USERNAME maas set-config name=network_discovery value=disabled
+# maas $MAAS_ADMIN_USERNAME maas set-config name=enable_analytics value=false
+# maas $MAAS_ADMIN_USERNAME maas set-config name=enable_third_party_drivers value=false
+# maas $MAAS_ADMIN_USERNAME maas set-config name=curtin_verbose value=true
+
+
+
+echo "Configuring DHCP for fabric-1 (untagged VLAN)..."
+
+# Get the FABRIC_ID for "fabric-1"
+SUBNET_CIDR="192.168.1.0/24"
+SUBNET_ID=$(maas "$MAAS_ADMIN_USERNAME" subnets read | jq -r '.[] | select(.cidr == "'"$SUBNET_CIDR"'") | .id')
+FABRIC_ID=$(maas "$MAAS_ADMIN_USERNAME" fabrics read | jq -r '.[] | select(.name == "fabric-1") | .id')
+RACK_CONTROLLER_ID=$(maas "$MAAS_ADMIN_USERNAME" rack-controllers read | jq -r '.[] | select(.ip_addresses[] == "'"$IP_ADDRESS"'") | .system_id')
+START_IP="192.168.1.191"
+END_IP="192.168.1.254"
+
+if [ -z "$FABRIC_ID" ]; then
+    echo "Error: Could not find FABRIC_ID for 'fabric-1'. Please ensure 'fabric-1' exists in MAAS."
+    exit 1
+fi
+
+# Enable DHCP on the untagged VLAN (VLAN tag 0)
+echo "Enabling DHCP on VLAN 0 for fabric-1 (ID: $FABRIC_ID)..."
+maas "$MAAS_ADMIN_USERNAME" vlan update "$FABRIC_ID" 0 dhcp_on=true primary_rack="$RACK_CONTROLLER_ID"
+
+# Create a Dynamic IP Range for enlistment, commissioning, and deployment
+echo "Creating dynamic IP range from $START_IP to $END_IP..."
+maas "$MAAS_ADMIN_USERNAME" ipranges create type=dynamic start_ip="$START_IP" end_ip="$END_IP"
+
+echo "Setting gateway IP for subnet $SUBNET_CIDR (ID: $SUBNET_ID) to $IP_ADDRESS..."
+maas "$MAAS_ADMIN_USERNAME" subnet update $SUBNET_ID gateway_ip=$IP_ADDRESS

package/manifests/maas/nat-iptables.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+set -euo pipefail
+
+# Disable firewalld
+sudo systemctl disable --now iptables
+sudo systemctl disable --now ufw
+sudo systemctl disable --now firewalld
+
+
+# Remove any existing entries, then append exactly one
+sudo sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf
+sudo sed -i '/^net.ipv6.conf.all.forwarding/d' /etc/sysctl.conf
+echo "net.ipv4.ip_forward = 1"               | sudo tee -a /etc/sysctl.conf
+echo "net.ipv6.conf.all.forwarding = 1"       | sudo tee -a /etc/sysctl.conf
+# ---
+
+sudo sysctl -p
+
+# Accept all traffic
+sudo iptables -P INPUT ACCEPT
+sudo iptables -P FORWARD ACCEPT
+sudo iptables -P OUTPUT ACCEPT
+
+# List iptables rules and forwarding flag
+sudo iptables -L -n
+sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.817",
+    "version": "2.8.821",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",